
Commit 213381e

committed
bug #46054 [SecurityBundle] Use config's secret in remember-me signatures (jderusse)
This PR was merged into the 5.4 branch. Discussion ---------- [SecurityBundle] Use config's secret in remember-me signatures | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Commits ------- a412f30 [SecurityBundle] Use config's secret in remember-me signatures
2 parents 686c704 + a412f30 commit 213381e


2 files changed

+48
-2
lines changed


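--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
@@ -128,6 +128,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
 $tokenVerifier = $this->createTokenVerifier($container, $firewallName, $config['token_verifier'] ?? null);
 $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.persistent_remember_me_handler'))
 ->replaceArgument(0, new Reference($tokenProviderId))
+->replaceArgument(1, $config['secret'])
 ->replaceArgument(2, new Reference($userProviderId))
 ->replaceArgument(4, $config)
 ->replaceArgument(6, $tokenVerifier)
@@ -136,6 +137,7 @@ public function createAuthenticator(ContainerBuilder $container, string $firewal
 $signatureHasherId = 'security.authenticator.remember_me_signature_hasher.'.$firewallName;
 $container->setDefinition($signatureHasherId, new ChildDefinition('security.authenticator.remember_me_signature_hasher'))
 ->replaceArgument(1, $config['signature_properties'])
+->replaceArgument(2, $config['secret'])
 ;
 
 $container->setDefinition($rememberMeHandlerId, new ChildDefinition('security.authenticator.signature_remember_me_handler'))
@@ -205,7 +207,10 @@ public function addConfiguration(NodeDefinition $node)
 ;
 
 $builder
-->scalarNode('secret')->isRequired()->cannotBeEmpty()->end()
+->scalarNode('secret')
+->cannotBeEmpty()
+->defaultValue('%kernel.secret%')
+->end()
 ->scalarNode('service')->end()
 ->arrayNode('user_providers')
 ->beforeNormalization()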
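Review bot: With `->defaultValue('%kernel.secret%')` replacing `isRequired()` in `addConfiguration()`, `cannotBeEmpty()` appears to be evaluated against the literal placeholder string rather than the resolved parameter, so an empty `kernel.secret` would likely no longer be caught at this node. The default also makes the remember-me signing key the same value as the application-wide secret, so the two can only be rotated together and a disclosure of one affects the other. I would document both on the node, e.g. `->info('Defaults to kernel.secret; set a dedicated value to rotate remember-me signatures independently. An empty kernel.secret is not rejected here.')`. `addConfiguration()` starts and ends outside the hunk, and whether the handler or hasher services themselves reject an empty secret is not visible on this page.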

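--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -419,7 +419,7 @@ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $same
 'firewalls' => [
 'default' => [
 'form_login' => null,
-'remember_me' => ['secret' => 'baz'],
+'remember_me' => [],
 ],
 ],
 ]);
@@ -433,6 +433,7 @@ public function testRememberMeCookieInheritFrameworkSessionCookie($config, $same
 
 $this->assertEquals($samesite, $definition->getArgument(3)['samesite']);
 $this->assertEquals($secure, $definition->getArgument(3)['secure']);
+$this->assertSame('%kernel.secret%', $definition->getArgument(1));
 }
 
 /**
@@ -484,6 +485,46 @@ public function testCustomRememberMeHandler()
 $this->assertEquals([['firewall' => 'default']], $handler->getTag('security.remember_me_handler'));
 }
 
+public function testSecretRememberMeHasher()
+{
+$container = $this->getRawContainer();
+
+$container->register('custom_remember_me', \stdClass::class);
+$container->loadFromExtension('security', [
+'enable_authenticator_manager' => true,
+'firewalls' => [
+'default' => [
+'remember_me' => ['secret' => 'very'],
+],
+],
+]);
+
+$container->compile();
+
+$handler = $container->getDefinition('security.authenticator.remember_me_signature_hasher.default');
+$this->assertSame('very', $handler->getArgument(2));
+}
+
+public function testSecretRememberMeHandler()
+{
+$container = $this->getRawContainer();
+
+$container->register('custom_remember_me', \stdClass::class);
+$container->loadFromExtension('security', [
+'enable_authenticator_manager' => true,
+'firewalls' => [
+'default' => [
+'remember_me' => ['secret' => 'very', 'token_provider' => 'token_provider_id'],
+],
+],
+]);
+
+$container->compile();
+
+$handler = $container->getDefinition('security.authenticator.remember_me_handler.default');
+$this->assertSame('very', $handler->getArgument(1));
+}
+
 public function sessionConfigurationProvider()
 {
 return [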
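Review bot: Both new tests pin only an explicitly configured secret (`'secret' => 'very'`); the omitted-secret path is asserted once, at new line 436, on a `$definition` fetched outside the hunk, so it is not clear from here that both the signature hasher (argument 2) and the persistent handler (argument 1) are covered when the default applies. A case that loads `'remember_me' => []` and asserts `'%kernel.secret%'` on `security.authenticator.remember_me_signature_hasher.default` would close that gap. `$container->register('custom_remember_me', \stdClass::class);` in both tests looks unused, since neither firewall config references that service, and `$handler` in `testSecretRememberMeHasher` holds the hasher definition, so `$hasher` would read better.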
